diff --git a/secrets/.gitattributes b/secrets/.gitattributes
deleted file mode 100644
index 7ca9979..0000000
--- a/secrets/.gitattributes
+++ /dev/null
@@ -1,5 +0,0 @@
-* filter=git-crypt diff=git-crypt
-.gitattributes !filter !diff
-/default.nix !filter !diff
-/secrets.nix !filter !diff
-*.age !filter !diff
diff --git a/secrets/acme/key.env b/secrets/acme/key.env
deleted file mode 100644
index 061d6c1..0000000
Binary files a/secrets/acme/key.env and /dev/null differ
diff --git a/secrets/backup/credentials.env b/secrets/backup/credentials.env
deleted file mode 100644
index 5b75142..0000000
Binary files a/secrets/backup/credentials.env and /dev/null differ
diff --git a/secrets/backup/password.txt b/secrets/backup/password.txt
deleted file mode 100644
index a8f640c..0000000
Binary files a/secrets/backup/password.txt and /dev/null differ
diff --git a/secrets/canary b/secrets/canary
deleted file mode 100644
index e910ea3..0000000
Binary files a/secrets/canary and /dev/null differ
diff --git a/secrets/default.nix b/secrets/default.nix
index ed7cae5..3d13588 100644
--- a/secrets/default.nix
+++ b/secrets/default.nix
@@ -1,35 +1,11 @@ { inputs, lib, options, ... }: with lib; -let - throwOnCanary = - let - canaryHash = builtins.hashFile "sha256" ./canary; - expectedHash = - "9df8c065663197b5a1095122d48e140d3677d860343256abd5ab6e4fb4c696ab"; - in - if canaryHash != expectedHash - then throw "Secrets are not readable. Have you run `git-crypt unlock`?" - else id; -in -throwOnCanary { +{ imports = [ inputs.agenix.nixosModules.age ]; - options.my.secrets = mkOption { - type = - let - valueType = with types; oneOf [ - int - str - (attrsOf valueType) - (listOf valueType) - ]; - in - valueType; - }; - config.age = { secrets = let
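Review bot: Nothing in the new `secrets/default.nix` or in this commit records that the values formerly served through `config.my.secrets` were rotated. They were read at evaluation time with `fileContents`/`readFile` (removed in the second hunk), so any that were interpolated into system configuration have probably been copied into the world-readable Nix store of generations built from earlier revisions, and the git-crypt blobs stay reachable in history. I would add a header comment to the module such as `# Secrets are provided only through agenix (config.age.secrets); nothing is read at evaluation time.` and state the rotation in the commit description. The argument set still names `options` and `with lib;` is kept although the visible users (`mkOption`, `types`, `id`) are gone; the `config.age` block continues outside the hunk, so confirm whether either is still needed before dropping it.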
@@ -48,53 +24,4 @@ throwOnCanary { "/home/ambroisie/.ssh/id_ed25519" ]; }; - - config.my.secrets = { - acme.key = fileContents ./acme/key.env; - - backup = { - password = fileContents ./backup/password.txt; - credentials = readFile ./backup/credentials.env; - }; - - drone = { - gitea = readFile ./drone/gitea.env; - secret = readFile ./drone/secret.env; - ssh = { - publicKey = readFile ./drone/ssh/key.pub; - privateKey = readFile ./drone/ssh/key; - }; - }; - - lohr.secret = fileContents ./lohr/secret.txt; - - matrix = { - mail = import ./matrix/mail.nix; - secret = fileContents ./matrix/secret.txt; - }; - - miniflux.password = fileContents ./miniflux/password.txt; - - monitoring.password = fileContents ./monitoring/password.txt; - - nextcloud.password = fileContents ./nextcloud/password.txt; - - paperless = { - password = fileContents ./paperless/password.txt; - secretKey = fileContents ./paperless/secretKey.txt; - }; - - podgrab.password = fileContents ./podgrab/password.txt; - - sso = import ./sso { inherit lib; }; - - transmission.password = fileContents ./transmission/password.txt; - - users = { - ambroisie.hashedPassword = fileContents ./users/ambroisie/password.txt; - root.hashedPassword = fileContents ./users/root/password.txt; - }; - - wireguard = import ./wireguard { inherit lib; }; - }; }
diff --git a/secrets/drone/gitea.env b/secrets/drone/gitea.env
deleted file mode 100644
index 82b190c..0000000
Binary files a/secrets/drone/gitea.env and /dev/null differ
diff --git a/secrets/drone/secret.env b/secrets/drone/secret.env
deleted file mode 100644
index 647d161..0000000
Binary files a/secrets/drone/secret.env and /dev/null differ
diff --git a/secrets/drone/ssh/key b/secrets/drone/ssh/key
deleted file mode 100644
index 1b70a14..0000000
Binary files a/secrets/drone/ssh/key and /dev/null differ
diff --git a/secrets/lohr/secret.txt b/secrets/lohr/secret.txt
deleted file mode 100644
index cbc3a26..0000000
Binary files a/secrets/lohr/secret.txt and /dev/null differ
diff --git a/secrets/matrix/mail.nix b/secrets/matrix/mail.nix
deleted file mode 100644
index 333f8b2..0000000
Binary files a/secrets/matrix/mail.nix and /dev/null differ
diff --git a/secrets/matrix/secret.txt b/secrets/matrix/secret.txt
deleted file mode 100644
index ce64730..0000000
Binary files a/secrets/matrix/secret.txt and /dev/null differ
diff --git a/secrets/miniflux/password.txt b/secrets/miniflux/password.txt
deleted file mode 100644
index 482d1b7..0000000
Binary files a/secrets/miniflux/password.txt and /dev/null differ
diff --git a/secrets/monitoring/password.txt b/secrets/monitoring/password.txt
deleted file mode 100644
index 98d0972..0000000
Binary files a/secrets/monitoring/password.txt and /dev/null differ
diff --git a/secrets/nextcloud/password.txt b/secrets/nextcloud/password.txt
deleted file mode 100644
index c2e458c..0000000
Binary files a/secrets/nextcloud/password.txt and /dev/null differ
diff --git a/secrets/paperless/password.txt b/secrets/paperless/password.txt
deleted file mode 100644
index 5e2cb81..0000000
Binary files a/secrets/paperless/password.txt and /dev/null differ
diff --git a/secrets/paperless/secretKey.txt b/secrets/paperless/secretKey.txt
deleted file mode 100644
index fe31bc4..0000000
Binary files a/secrets/paperless/secretKey.txt and /dev/null differ
diff --git a/secrets/podgrab/password.txt b/secrets/podgrab/password.txt
deleted file mode 100644
index 81da33c..0000000
Binary files a/secrets/podgrab/password.txt and /dev/null differ
diff --git a/secrets/sso/.gitattributes b/secrets/sso/.gitattributes
deleted file mode 100644
index d4bba55..0000000
--- a/secrets/sso/.gitattributes
+++ /dev/null
@@ -1 +0,0 @@
-/default.nix filter diff
diff --git a/secrets/sso/ambroisie/password-hash.txt b/secrets/sso/ambroisie/password-hash.txt
deleted file mode 100644
index 9b2c759..0000000
Binary files a/secrets/sso/ambroisie/password-hash.txt and /dev/null differ
diff --git a/secrets/sso/ambroisie/totp-secret.txt b/secrets/sso/ambroisie/totp-secret.txt
deleted file mode 100644
index 2a4d10a..0000000
Binary files a/secrets/sso/ambroisie/totp-secret.txt and /dev/null differ
diff --git a/secrets/sso/auth-key.txt b/secrets/sso/auth-key.txt
deleted file mode 100644
index 785d8d0..0000000
Binary files a/secrets/sso/auth-key.txt and /dev/null differ
diff --git a/secrets/transmission/password.txt b/secrets/transmission/password.txt
deleted file mode 100644
index b1b7c2a..0000000
Binary files a/secrets/transmission/password.txt and /dev/null differ
diff --git a/secrets/users/ambroisie/password.txt b/secrets/users/ambroisie/password.txt
deleted file mode 100644
index 65fbdfb..0000000
Binary files a/secrets/users/ambroisie/password.txt and /dev/null differ
diff --git a/secrets/users/root/password.txt b/secrets/users/root/password.txt
deleted file mode 100644
index 6fe87e9..0000000
Binary files a/secrets/users/root/password.txt and /dev/null differ
diff --git a/secrets/wireguard/.gitattributes b/secrets/wireguard/.gitattributes
deleted file mode 100644
index 714f3f9..0000000
--- a/secrets/wireguard/.gitattributes
+++ /dev/null
@@ -1,2 +0,0 @@
-/default.nix filter diff
-public-key.txt filter diff
diff --git a/secrets/wireguard/aramis/public.key b/secrets/wireguard/aramis/public.key
deleted file mode 100644
index 892536e..0000000
Binary files a/secrets/wireguard/aramis/public.key and /dev/null differ
diff --git a/secrets/wireguard/aramis/secret.key b/secrets/wireguard/aramis/secret.key
deleted file mode 100644
index 5f858e4..0000000
Binary files a/secrets/wireguard/aramis/secret.key and /dev/null differ
diff --git a/secrets/wireguard/porthos/public.key b/secrets/wireguard/porthos/public.key
deleted file mode 100644
index d89e768..0000000
Binary files a/secrets/wireguard/porthos/public.key and /dev/null differ
diff --git a/secrets/wireguard/porthos/secret.key b/secrets/wireguard/porthos/secret.key
deleted file mode 100644
index 1ecc84b..0000000
Binary files a/secrets/wireguard/porthos/secret.key and /dev/null differ
diff --git a/secrets/wireguard/richelieu/public.key b/secrets/wireguard/richelieu/public.key
deleted file mode 100644
index 2ad8bbc..0000000
Binary files a/secrets/wireguard/richelieu/public.key and /dev/null differ
diff --git a/secrets/wireguard/richelieu/secret.key b/secrets/wireguard/richelieu/secret.key
deleted file mode 100644
index 8b351b6..0000000
Binary files a/secrets/wireguard/richelieu/secret.key and /dev/null differ